From f4cc93f00d81eff4ca34fe96c7e7f0568a79a03a Mon Sep 17 00:00:00 2001 From: jonaustin09 Date: Fri, 17 May 2024 09:50:23 -0400 Subject: [PATCH] fix: Added validation for PubObjectLockConfiguration action ObjectLockEnabled and Mode fields --- auth/object_lock.go | 8 +++++ tests/integration/group-tests.go | 4 +++ tests/integration/tests.go | 52 ++++++++++++++++++++++++++++++++ 3 files changed, 64 insertions(+) diff --git a/auth/object_lock.go b/auth/object_lock.go index 6d070e2..234022f 100644 --- a/auth/object_lock.go +++ b/auth/object_lock.go @@ -39,12 +39,20 @@ func ParseBucketLockConfigurationInput(input []byte) ([]byte, error) { return nil, s3err.GetAPIError(s3err.ErrMalformedXML) } + if lockConfig.ObjectLockEnabled != "" && lockConfig.ObjectLockEnabled != types.ObjectLockEnabledEnabled { + return nil, s3err.GetAPIError(s3err.ErrMalformedXML) + } + config := BucketLockConfig{ Enabled: lockConfig.ObjectLockEnabled == types.ObjectLockEnabledEnabled, } if lockConfig.Rule != nil && lockConfig.Rule.DefaultRetention != nil { retention := lockConfig.Rule.DefaultRetention + + if retention.Mode != types.ObjectLockRetentionModeCompliance && retention.Mode != types.ObjectLockRetentionModeGovernance { + return nil, s3err.GetAPIError(s3err.ErrMalformedXML) + } if retention.Years != nil && retention.Days != nil { return nil, s3err.GetAPIError(s3err.ErrMalformedXML) } diff --git a/tests/integration/group-tests.go b/tests/integration/group-tests.go index 2a93eaf..3eb5ab5 100644 --- a/tests/integration/group-tests.go +++ b/tests/integration/group-tests.go @@ -311,6 +311,8 @@ func TestPutObjectLockConfiguration(s *S3Conf) { PutObjectLockConfiguration_non_existing_bucket(s) PutObjectLockConfiguration_empty_config(s) PutObjectLockConfiguration_not_enabled_on_bucket_creation(s) + PutObjectLockConfiguration_invalid_status(s) + PutObjectLockConfiguration_invalid_mode(s) PutObjectLockConfiguration_both_years_and_days(s) PutObjectLockConfiguration_invalid_years_days(s) PutObjectLockConfiguration_success(s) @@ -631,6 +633,8 @@ func GetIntTests() IntTests { "PutObjectLockConfiguration_non_existing_bucket": PutObjectLockConfiguration_non_existing_bucket, "PutObjectLockConfiguration_empty_config": PutObjectLockConfiguration_empty_config, "PutObjectLockConfiguration_not_enabled_on_bucket_creation": PutObjectLockConfiguration_not_enabled_on_bucket_creation, + "PutObjectLockConfiguration_invalid_status": PutObjectLockConfiguration_invalid_status, + "PutObjectLockConfiguration_invalid_mode": PutObjectLockConfiguration_invalid_mode, "PutObjectLockConfiguration_both_years_and_days": PutObjectLockConfiguration_both_years_and_days, "PutObjectLockConfiguration_invalid_years_days": PutObjectLockConfiguration_invalid_years_days, "PutObjectLockConfiguration_success": PutObjectLockConfiguration_success, diff --git a/tests/integration/tests.go b/tests/integration/tests.go index 0efdbaf..3fb59a1 100644 --- a/tests/integration/tests.go +++ b/tests/integration/tests.go @@ -6355,6 +6355,7 @@ func PutObjectLockConfiguration_not_enabled_on_bucket_creation(s *S3Conf) error Rule: &types.ObjectLockRule{ DefaultRetention: &types.DefaultRetention{ Days: &days, + Mode: types.ObjectLockRetentionModeCompliance, }, }, }, @@ -6367,6 +6368,55 @@ func PutObjectLockConfiguration_not_enabled_on_bucket_creation(s *S3Conf) error }) } +func PutObjectLockConfiguration_invalid_status(s *S3Conf) error { + testName := "PutObjectLockConfiguration_invalid_status" + return actionHandler(s, testName, func(s3client *s3.Client, bucket string) error { + var days int32 = 12 + ctx, cancel := context.WithTimeout(context.Background(), shortTimeout) + _, err := s3client.PutObjectLockConfiguration(ctx, &s3.PutObjectLockConfigurationInput{ + Bucket: &bucket, + ObjectLockConfiguration: &types.ObjectLockConfiguration{ + ObjectLockEnabled: types.ObjectLockEnabled("invalid_status"), + Rule: &types.ObjectLockRule{ + DefaultRetention: &types.DefaultRetention{ + Days: &days, + }, + }, + }, + }) + cancel() + if err := checkApiErr(err, s3err.GetAPIError(s3err.ErrMalformedXML)); err != nil { + return err + } + return nil + }) +} + +func PutObjectLockConfiguration_invalid_mode(s *S3Conf) error { + testName := "PutObjectLockConfiguration_invalid_status" + return actionHandler(s, testName, func(s3client *s3.Client, bucket string) error { + var days int32 = 12 + ctx, cancel := context.WithTimeout(context.Background(), shortTimeout) + _, err := s3client.PutObjectLockConfiguration(ctx, &s3.PutObjectLockConfigurationInput{ + Bucket: &bucket, + ObjectLockConfiguration: &types.ObjectLockConfiguration{ + ObjectLockEnabled: types.ObjectLockEnabledEnabled, + Rule: &types.ObjectLockRule{ + DefaultRetention: &types.DefaultRetention{ + Days: &days, + Mode: types.ObjectLockRetentionMode("invalid_mode"), + }, + }, + }, + }) + cancel() + if err := checkApiErr(err, s3err.GetAPIError(s3err.ErrMalformedXML)); err != nil { + return err + } + return nil + }) +} + func PutObjectLockConfiguration_both_years_and_days(s *S3Conf) error { testName := "PutObjectLockConfiguration_both_years_and_days" return actionHandler(s, testName, func(s3client *s3.Client, bucket string) error { @@ -6404,6 +6454,7 @@ func PutObjectLockConfiguration_invalid_years_days(s *S3Conf) error { Rule: &types.ObjectLockRule{ DefaultRetention: &types.DefaultRetention{ Days: &days, + Mode: types.ObjectLockRetentionModeCompliance, }, }, }, @@ -6420,6 +6471,7 @@ func PutObjectLockConfiguration_invalid_years_days(s *S3Conf) error { Rule: &types.ObjectLockRule{ DefaultRetention: &types.DefaultRetention{ Years: &years, + Mode: types.ObjectLockRetentionModeCompliance, }, }, },